CVE-2022-20660

Severity
4.6 MEDIUM
EPSS
0.1%
top 75.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 14
Latest update: Jan 15

Description

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.9 | Impact: 3.6

Affected Packages: 16 packages

🔴Vulnerability Details

2
GHSA
GHSA-47mp-v7q4-xpjw: A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain c (2022-01-15)
CVEList
Cisco IP Phones Information Disclosure Vulnerability (2022-01-14)

📋Vendor Advisories

1
Cisco
Cisco IP Phones Information Disclosure Vulnerability (2022-01-12)